Jinher OA SQL Injection Vulnerability in GetTreeDate.aspx Component

A critical SQL injection vulnerability exists in Jinher OA version 1.0, specifically within the GetTreeDate.aspx file. The vulnerability arises because the 'id' parameter is improperly validated, allowing unauthenticated attackers to manipulate SQL queries and execute arbitrary commands on the backend database. This issue could lead to unauthorized access to sensitive data, privilege escalation, remote code execution on the database server, and a complete compromise of the OA system and its data.

Impact

Exploitation of this vulnerability allows for SQL injection, with potential consequences including unauthorized access to sensitive data, privilege escalation, remote code execution on the database server, and a complete compromise of the Jinher OA system.

Reproduction

The vulnerability can be reproduced by sending an HTTP GET request to the GetTreeDate.aspx file with a crafted 'id' parameter. This request can include SQL injection payloads, such as SQL commands followed by a comment delimiter, to manipulate the SQL query processing. The injection can be verified by using a tool like sqlmap to extract database information.

Remediation

It is recommended to implement parameterized queries, apply strict input validation, enforce least privilege principles for database accounts, conduct comprehensive code audits, and deploy a web application firewall as temporary protection.